Misleading information on Flathub.org

Greetings all. I’m in the process of switching over as much / all of any existing usage I have with snaps to flatpaks. I went to do that this morning for Bitwarden when I found the page I was surprised and impressed that the publisher was listed as 8bit Solutions, LLC.

But because it’s my password keeper I was not willing to take that on face value so I had to do some digging.

There is no reference (that I could find) on their download page to the Flatpak. Further it does not appear as though anyone from 8bit Solutions, LLC. is “approving” merges into the repo that builds the Flatpak. Further it uses some common, shared libraries submodule that is also not in anyway managed by 8bit Solutions LLC.

I think saying that the publisher for that Flatpak is at best incorrect and at worst dangerous.

I think it should be listed as Flatpak Community for 8bit Solutions LLC or there should be two entries on that page: package creator (Flatpak Community) and content originator (8bit Solutions LLC). Or something along those lines.

On second inspection I see there is a difference now between developer and publisher. I’m not sure why that didn’t register the first time.

Perhaps it should be more prominent and distinctive!

The app description for Bitwarden says

This wrapper is not verified by, affiliated with, or supported by 8bit Solutions LLC.

The developers are working on a redesigned website, which you can view at beta.flathub.org. One of the planned features for the new Flathub site is a clear indication as to which apps are supported by the upstream developer.

2 Likes

RIght, hence my follow-on comment that perhaps it should all be more prominent and distinctive. I agree that currently all the necessary information is there.

Also, looking at beta.flathub.org I would say at least currently it’s worse. At the very top under the Flatpak name is the “byline” and it lists 8bit Solutions LLC.

You have to read the last line of the description to understand that this is not softwrae 8bit Solutions LLC made directly.

My opinion is this is a disservice to Flatpak/Flathub. It should be prominent, distinctive and easy to discern that this is a community support Flatpak and not a publisher supported Flatpak. If you wanted to take a common idea you could use “verified checkmarks”.

Anyway, those are just my thoughts.

1 Like

Verified checkmarks are exactly what the issue linked above is about

1 Like

Hi, just adding another example:

AFAIK, Jami developers don’t publish officially over Flathub (I hope they did, but not until now), and the beta.flathub page seems to not being indicating that anywhere. Certainly it would be nice to have a simple way to know if the app is officially released through Flathub or it’s instead a community compilation, let’s say.

Nothing serious, just sort of convenient, I guess.

Kind regards and thanks a lot for your lovely work!